Provided by: yum-utils_1.1.26-0ubuntu1_amd64 bug

NAME

       yum security plugin

SYNOPSIS

       yum [options] [command] [package ...]

DESCRIPTION

       This  plugin  extends yum to allow lists and updates to be limited using security relevant
       criteria

       added yum commands are:
        * update-minimal

       This works like the update command, but if you have the the package  foo-1  installed  and
       have  foo-2 and foo-3 available with updateinfo.xml then update-minimal will update you to
       foo-3.
        * info-updateinfo
        * list-updateinfo

       both of the last two take these sub-commandss:
        * * <advisory> [advisory...]
        * * bugzillas
        * * cves
        * * security
        * * new-packages

       <advisory> [advisory...]
              Is used to display information about one or more advisories.

       list-updateinfo
              Is  used  to  list  all  of  the  relevant  errata  notice  information,  from  the
              updateinfo.xml  data  in  yum.  This includes bugzillas, CVEs, security updates and
              new.

       bugzillas / bzs
              Is the subset of the updateinfo information, pertaining to the bugzillas.

       cves   Is the subset of the updateinfo information, pertaining to the CVEs.

       security / sec
              Is the subset of the updateinfo information, pertaining to security.

       bugfix Is the subset of the updateinfo information, pertaining to bugfixes.

       enhancement
              Is the subset of the updateinfo information, pertaining to enhancements.

       recommended
              Is the subset of the updateinfo information, pertaining to recommended updates.

       new-packages
              Is the subset of the updateinfo information, pertaining to new packages. These  are
              packages which weren't available at the initial release of your distribution.

GENERAL OPTIONS

       There  are  four  options  added  to  yum  that are available in the "list updates", "info
       updates", "check-update" and "update" commands. They are:

       --advisory
              This option includes packages coresponding to the advisory ID, Eg. FEDORA-2201-123.

       --bz   This option includes packages that say they fix a Bugzilla ID, Eg. 123.

       --cve  This option includes packages that say they fix a CVE - Common Vulnerabilities  and
              Exposures ID (http://cve.mitre.org/about/), Eg. CVE-2201-0123.

       --bugfixes
              This option includes packages that say they fix a bugfix issue.

       --security
              This option includes packages that say they fix a security issue.

EXAMPLES

       To list all updates that are security relevant, and get a reutrn code on whether there are
       security updates use:

              yum --security check-update

       To upgrade packages that have security errata (upgrades to the latest  available  package)
       use:

              yum --security update

       To  upgrade  packages  that  have  security  errata  (upgrades to the last security errata
       package) use:

              yum --security update-minimal

       To get a list of all BZs that are fixed for packages you have installed use:

              yum list-updateinfo bugzillas

       To get the information on advisory FEDORA-2707-4567 use:

              yum info-updateinfo FEDORA-2707-4567

       To update packages to the latest version which contain fixes for Bugzillas  123,  456  and
       789; and all security updates use:

              yum --bz 123 --bz 456 --bz 789 --security update

       To  update  to the packages which just update Bugzillas 123, 456 and 789; and all security
       updates use:

              yum --bz 123 --bz 456 --bz 789 --security update-minimal

       To get an info list of the latest packages which contain  fixes  for  Bugzilla  123;  CVEs
       CVE-2207-0123    and   CVE-2207-3210;   and   Fedora   advisories   FEDORA-2707-4567   and
       FEDORA-2707-7654 use:

              yum --bz 123 --cve CVE-2207-0123 --cve  CVE-2207-3210  --advisory  FEDORA-2707-4567
              --advisory FEDORA-2707-7654 info updates

       To get a list of packages which are "new".

              yum list-updateinfo new

SEE ALSO

       yum (8)
       yum.conf (5)

AUTHORS

       James Antill <james.antill@redhat.com>.

BUGS

       The update-minimal command ignores the \--obsoletes flag.

       The  update-minimal  command  can  only directly affect things atm., so if you update pkgA
       minimally but that requires an update to pkgB then pkgB will  be  updated  to  the  newest
       version by the depsolver. Also the above will happen even if you've also minimally updated
       pkgB, if either the direct (minimal) update for pkgB  happens  after  or  if  the  minimal
       update for pkgB doesn't satisy the requirements of pkgA.

       The  main  "problem"  is that if the data is not correct the plugin cannot work correctly.
       For instance "--bz 123" will not fix BZ 123 if a package is updated to fix that BZ without
       referencing that it does so in the updateinfo.xml.